<?php

/**
 * Controleur d'authentification des utilisateurs
 */

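// Authentication form submitted?  Only act when both fields are present and
// are plain strings (a `login[]=` array would otherwise reach the query).
if (isset($_POST['login'], $_POST['password'])
	&& is_string($_POST['login']) && is_string($_POST['password'])) {

	// Raw credentials from the form.  No stripslashes(): that was a
	// magic_quotes-era workaround (magic quotes were removed in PHP 5.4)
	// and it silently mangles any password containing a backslash.
	// NOTE(review): if the registration path applied the same stripslashes()
	// before hashing, accounts whose password contains a backslash will need
	// a reset — confirm against the registration controller.
	$myusername = $_POST['login'];
	$mypassword = $_POST['password'];

	// Bind the values instead of quoting them into the SQL text: the driver
	// keeps statement and data apart, so no injection is possible and no
	// manual escaping (stripslashes/quote) is needed.
	//
	// NOTE(review): the stored hashes are MySQL PASSWORD() digests, an
	// unsalted SHA1-of-SHA1.  PASSWORD() is deprecated since MySQL 5.7.6 and
	// removed in 8.0.11, so this query fails on modern servers.  Migrate the
	// column to password_hash()/password_verify() with rehash-on-login; it is
	// kept here only so existing accounts keep working in the meantime.
	$requete = $bdd->prepare(
		'SELECT * FROM utilisateurs WHERE username = :login AND password = PASSWORD(:password)'
	);
	$requete->execute([
		':login'    => $myusername,
		':password' => $mypassword,
	]);
	$identification = $requete->fetch(PDO::FETCH_ASSOC);

	// fetch() returns false when no row matched.  The previous test,
	// count($identification) > 1, relied on count(false) being 1 — which
	// throws a TypeError on PHP 8 — so test the row itself.
	if (is_array($identification)) {

		// Credentials accepted: rotate the session id *before* storing any
		// authenticated state, so an id an attacker planted or observed before
		// login (session fixation) does not become an authenticated session.
		if (session_status() === PHP_SESSION_ACTIVE) {
			session_regenerate_id(true);
		}

		$_SESSION['isAuthenticated'] = true;
		$_SESSION['username']        = $myusername;

		// NOTE(review): the type of the `admin` column is not visible here;
		// the cast treats "0", 0 and NULL as non-admin, like the original
		// loose `== 0` comparison did.
		if ((int) $identification['admin'] === 0) {
			// Regular customer: drop any admin flags that might survive in a
			// reused session object, then resolve the customer code.
			// (unset, not `= false`: an `isset($_SESSION['admin'])` check
			// elsewhere would treat false as "set".)
			unset($_SESSION['admin'], $_SESSION['niveauAuth']);

			$requete = $bdd->prepare(
				'SELECT code_client_hto FROM fiche_client WHERE login = :login'
			);
			$requete->execute([':login' => $myusername]);
			$authentification = $requete->fetch(PDO::FETCH_ASSOC);

			// Null when no fiche_client row exists — same value as before,
			// without the "array offset on bool" warning.
			$_SESSION['user'] = is_array($authentification)
				? $authentification['code_client_hto']
				: null;
			redirect("home");
		} else {
			$_SESSION['admin']      = true;
			$_SESSION['niveauAuth'] = $identification['admin'];
			redirect("home-admin");
		}
	}
	// else: no matching user.  "Unknown user" and "wrong password" are
	// deliberately not distinguished, and no error is surfaced: the form is
	// simply rendered again.  NOTE(review): nothing throttles repeated
	// failures — add rate limiting / lockout at the application or
	// web-server level before exposing this publicly.
}

echo $twig->render('login.html');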


